Security experts have warned of a new phishing-as-a-service (PhaaS) platform that’s emerging as a serious threat, thanks to its advanced features, obfuscation techniques, and competitive pricing.
Crooks are mostly using it to target people’s Microsoft 365 accounts, both private and corporate, and it costs $250 a month which, they say, is a rather competitive price, drawing much interest from the cybercriminal community.
Adversary in the middle
Over the last couple of months, the platform was upgraded and enhanced multiple times, and now masks the IP addresses of relay servers on authentication logs, and rotates link domains used in phishing URLs, to avoid blacklisting.
Crooks that purchase the service can create convincing Microsoft 365 login pages, which even allow for the capture of the victim’s authentication tokens, multi-factor authentication (MFA) codes, and similar advanced protections.
All of this has made Mamba 2FA a formidable foe. Sekoia’s researchers said that during the observation period, they saw the PhaaS in action multiple times, suggesting a widespread threat.
Phishing continues to be the number one attack vector around the world. Its omnipresence, low cost, and the ease at which addresses can be found, make email the go-to avenue to steal sensitive data, or deploy malware. In recent years, companies started demanding their employees use multi-factor authentication to provide an extra layer of security and make sure passwords stolen via phishing cannot be abused.
Criminals have responded by creating adversary-in-the-middle (AiTM) solutions, as is Mamba 2FA, which can even trick the victim into sharing MFA codes with the attackers, as well. In some instances, the criminals will allow the victim to log into the legitimate service simultaneously, increasing the perceived legitimacy and reducing the chances of being spotted.